Android Firmware Transmissions to China

Kryptowire, a mobile security research firm, has announced the discovery of firmware in select android phones that transmits data, including PII to third-party servers. According to Kryptowire:

“These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).”

The capabilities of this firmware did not end there, they included the ability to bypass permission models and security of Android, remotely wipe or reprogram the device, and execute commands with privilege escalation.

The data is sent encrypted by the firmware to servers in Shanghai, China and the firmware was created by a Chinese firm known as Shanghai Adups Technology Co. Ltd. This firmware went undiscovered due to malware detection and Android OS white-listing firmware and associated data and applications pre-shipped with the phone. Kryptowire discovered this through code and network analysis of the phones behavior and subsequently informed the retailers and manufacturers of these phones.